![\"wordpress\"](\"https:\/\/contabo.com\/blog\/wp-content\/uploads\/2013\/04\/wordpress.jpg\")
<\/a><\/p>\n<\/p>\n
If you are using WordPress, it would be a good idea to use a very strong password and make sure your username is not ‘admin’.\u00a0 There is a brute Force dictionary-based attack that aims to find the password for ‘admin’ account that every WordPress site sets up by default.<\/p>\n
According to industry sources, this is a very well-organized and very distributed attack it is believes that around 90,000 IP addresses are currently involved. Successfully exploited sites get a backdoor installed that provides attackers with ongoing access to the WordPress site, regardless of whether a user subsequently changes the password guessed by attackers. Exploited sites are then used to scan for WordPress installations, and launch the same type of attack against those sites.<\/p>\n
According to CloudFlare, the hackers control about 100,000 bots. The CloudFlare team believes that the attaker is currently using a network of relatively low-powered home PCs, but the aim is “to build a much larger botnet of beefy servers in prepration for a future attack”. Home PCs can be the staging ground for a larger denial-of-service attack, but servers have access to far more bandwidth and can hence push out far larger amounts of traffic.<\/p>\n
Some of the measures you could take to protect your WordPress sites are:<\/p>\n
- \n
- Choose a very strong password – which is always a good idea.<\/li>\n
- Change frequently used admin-level credentials<\/li>\n
- Install a number of WordPress plugin like wp-fail2ban<\/a> , Lockdown WP Admin<\/a>,\u00a0 better WP Security<\/a>,\u00a0 BulletProof Security<\/a> or simply by hardening your WP<\/a> \u00a0 by providing access to the WordPress admin console, to approved IP addresses.<\/li>\n
- WordPress founder Matt Mullenweg notes in a blog post that changing your ‘admin’ username to something a bit more obscure may be your best defense given that the hackers have 90,000 IPs at their disposal.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
Hackers Use Large Botnet To Gain Access. If you are using WordPress, it would be a good idea to use a very strong password and make sure your username is not ‘admin’.\u00a0 There is a brute Force dictionary-based attack that aims to find the password for ‘admin’ account that every WordPress site sets up […]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9,18],"tags":[548],"ppma_author":[1484],"class_list":["post-1927","post","type-post","status-publish","format-standard","hentry","category-company-news","category-tutorials","tag-mount"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"Tino","author_link":"https:\/\/contabo.com\/blog\/author\/tinol\/"},"uagb_comment_info":0,"uagb_excerpt":"Hackers Use Large Botnet To Gain Access. If you are using WordPress, it would be a good idea to use a very strong password and make sure your username is not ‘admin’.\u00a0 There is a brute Force dictionary-based attack that aims to find the password for ‘admin’ account that every WordPress site sets up…","authors":[{"term_id":1484,"user_id":10,"is_guest":0,"slug":"tinol","display_name":"Tino","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/7e6d43b8dd27bc4d57256feeb7734e5e820b41c115d1501a5a6f39a90d25d934?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts\/1927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/comments?post=1927"}],"version-history":[{"count":0,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts\/1927\/revisions"}],"wp:attachment":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/media?parent=1927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/categories?post=1927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/tags?post=1927"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- WordPress founder Matt Mullenweg notes in a blog post that changing your ‘admin’ username to something a bit more obscure may be your best defense given that the hackers have 90,000 IPs at their disposal.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"